From: naveen M S (navin.ms@gmail.com)
Date: Thu Mar 26 2009 - 14:36:02 ART
From the link given above.
"... The configuration of root guard is on a per-port basis. Root guard does
not allow the port to become an STP root port, so the port is always
STP-designated. If a better BPDU arrives on this port, root guard does not
take the BPDU into account and elect a new STP root. Instead, root guard
puts the port into the root-inconsistent STP state. You must enable root
guard on all ports where the root bridge should not appear. In a way, you
can configure a perimeter around the part of the network where the STP root
is able to be located..."
1) Root guard should not be placed on root ports.
2) Root guard should be placed on all non-root ports, to avoid them becoming
root ports.
3) Root guard enabled ports are always kept in STP Designated state.
Hence, as some have said, to answer this task enable root guard on that port
which makes it *ineligible* to become root port. But don't put root guard on
root port, please !
Naveen.
On Thu, Mar 26, 2009 at 10:11 AM, Joe Astorino <joe_astorino@comcast.net>wrote:
> I think I see what you are saying now Bryan -- Are you saying to put root
> guard on the port that should never become the root port? That way, when it
> hears BPDUs from the root switch, it will shut down the port? Definitely
> "outside the box" way of using root guard, but I guess that would work!
>
> "He not busy being born is busy dying" -- Dylan
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
>
> mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
> Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
> W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
> RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
> YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
> doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
> EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
> FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
> FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
> aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
> CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
> Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
> tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
> q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
> VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
> ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
> fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
> F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
> UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
> nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
> QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
> 1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
> L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
> DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
> 74k/eLaYWYqu7YI=
> =8HMA
> -----END PGP PUBLIC KEY BLOCK-----
>
> ----- Original Message -----
> From: "Bryan Bartik" <bbartik@ipexpert.com>
> To: "Divin Mathew John" <divinjohn@gmail.com>
> Cc: "oluwaseyi ojo" <sameoj@gmail.com>, "ftt" <femi0802@googlemail.com>,
> ccielab@groupstudy.com
> Sent: Thursday, March 26, 2009 1:00:14 PM GMT -05:00 US/Canada Eastern
> Subject: Re: STP Root port Eligibility
>
> The task says that the port should never be "root port"...A port becomes
> root port when it hears superior BPDUs. How can you block these?
>
> You are not preventing the downstream ports from using this switch as root.
>
> On Thu, Mar 26, 2009 at 10:54 AM, Divin Mathew John <divinjohn@gmail.com
> >wrote:
>
> > Root guard allows the device to participate in STP as long as the
> > device does not try to become the root. If root guard blocks the port,
> > subsequent recovery is automatic. Recovery occurs as soon as the
> > offending device ceases to send superior BPDUs.
> >
> >
> http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml#diff
> >
> > Exactly...normal STP will function but.! a New root cannot takeover
> > sending BPDU's from that port.! thats all
> > Thanking You
> >
> > Yours Sincerely
> >
> > Divin Mathew John
> > divinjohn@gmail.com
> > divin@dide3d.com
> > +91 9945430983
> > +91 9846697191
> > +974 5008916
> > PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> >
> >
> >
> > On Thu, Mar 26, 2009 at 10:21 PM, Bryan Bartik <bbartik@ipexpert.com>
> > wrote:
> > > rt. Even with root guard enabled on one port, other ports can be root
> po
> >
>
>
>
> --
> Bryan Bartik
> CCIE #23707, CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:07 ART